Possible infrastructure vulnerabilities:
A computer network is made up of two or more electronic media that are able to communicate with each other in a predetermined way. Computer networks are very important to the world at present. A network vulnerability can be described as any security exposure that opens the network to undesirable activity or unauthorized access. A network vulnerability can lead to unauthorized access to the information and resources of the network, alteration of the network's activities and even total denial of the network (EC-Council Press, 2011). Network vulnerabilities can be categorized into two main categories: application or software vulnerabilities and human vulnerabilities. Most attacks on a computer network will seek to exploit a vulnerability in the network. The vulnerability is used to gain access to or control over the network or specific activities within the network. A vulnerability is a fundamental flaw in the system that is exploitable regardless of any measures implemented in the system to prevent such exploits (EC-Council Press, 2011).
As mentioned, any vulnerability in a network falls into one of the two main categories. Attackers can, however, exploit a number of vulnerabilities when attacking a network. Among the most common network vulnerabilities are improper system configuration, exposed ports, incorrectly deployed firewalls, improper use of anti-virus software, insecure applications and applications with backdoors, poor physical security, compromised employees, poor password implementations and lack of a proper security policy, among others. As observed, the vulnerabilities in a network are many and comprise both human and application related factors (Kizza, 2015).
The most important security measure in addressing network vulnerabilities is having a proper security policy and ensuring that it is followed. A security policy is very important because it provides the guidelines on how the network is meant to be used. When creating the security policy, the organization ensures that the best security measures are put in place. In addition to providing guidelines on how the network is to be used, the security policy provides direction on what is to be done in case of emergencies. The second most important security measure is to ensure that the network is configured correctly. Correct configuration of the network increases the security of the network (EC-Council Press, 2011).
When setting up any network, there are security measures that have to be implemented. These are achieved by proper configuration of the network. For example, encryption is an important security measure used in many networks. It ensures that transmissions within the network are effectively protected from eavesdropping. However, encryption can only work with proper configuration of the network. The physical machines at the company need to be secured in order to ensure the security of the network. Usually, the information stored in a network is distributed over a number of devices located in the network. This means that if an unauthorized person got access to one of the devices, they would have access to the information in the network.
The setup used by the company means that information will be stored in the cloud. This means that the network traffic will have to go through the internet. The internet is a public network and it can expose vulnerabilities in the network. Most attacks on the network are likely to come from external sources. In order to prevent external attacks, the network will employ a firewall that will be configured with an intrusion detection system. Antivirus software with the capability to provide internet security will be used in order to prevent normal viruses as well as phishing attacks (EC-Council Press, 2011).
Proper configuration of the network will mean that system level configuration is protected by administrator passwords rather than the default passwords that come with most equipment. Employees will also be required to access the system using a password. The password authentication method will ensure that employees can only perform tasks they are allowed to in the system. Education of employees on network security will ensure that they will be equipped with the knowledge to ensure they use the network safely (Kizza, 2015).
The internal network for the company will be logically a star and bus hybrid topology. The company will host a number of internal servers while the storage will be done in the cloud. The servers will act as the hubs in the ring topology while the other equipment in the network will act as terminals. The main reasons for choosing this topology for the network are that it is easily scalable, faults in one terminal will not affect other terminals and security measures can be implemented over the entire network by use of the hubs. This is very important in this network as there is a provision for growth. Scalability is made easy as additional terminals can be added to the hub. The servers will be connected in bus topology.
Although each server will have a specific purpose, it will also be configured to be able to perform the roles of other servers in case of failure. This ensures availability of the network. The internal network traffic will be routed to the internal network server. Traffic will then be directed to the internet server. A firewall will be implemented between the internet and the internet server of the company. The firewall will filter traffic coming from the internet ensuring that only traffic from trusted sources reaches the internal network. This logical layout ensures that terminals only access the network but do not perform much of the processing required. Processing is performed by the servers. This makes it easier to ensure security by implementing security measures at the server level. Connections to the servers will be performed by use of cables within the building as well as wireless access. Bridges will be used on each floor of the premises to extend the range of the network to each floor. Wireless access points will be connected to the bridges on each floor to provide wireless access on the floor.
Network diagram and topology:
Figure 1 below shows the logical and topological layout of the designed network. The diagram illustrates the placement of the internet, firewalls, servers, routers, switches, access points, and workstations for the network. The selected topology is the star topology. The main reason for this selection is the advantages of star topology on the network in terms of error recoverability, scalability, and security.
Security policy
The usage policy statement is the first part of any security policy. This describes all the resources in the network as well as how they are supposed to be used. The usage policy statement also describes the various users of the network. Typically, there will be five levels of users of a system. These are administrators, privileged users, normal users, partners and guest users. A risk analysis is conducted on the entire system in order to determine the various risks and vulnerabilities faced by the system. For example, data located in a network will vary from public data to confidential data. Configurations of the system can also be system wide or affect only the local machine. The risk analysis ensures that all angles are observed and that the system is configured properly (Kizza, 2015).
For instance, system wide changes can be very dangerous. Access to the configuration of such systems should therefore be limited to administrators. The current system is an online selling platform. Company administrators will be able to manage the platform. However, access will also be given to designers who use the platform to sell their designs. They will have permissions such as posting items as well as their prices. They will also have access to the sales figures for their designs. However, they will not have access to other designers’ sales figures. These figures will however be available to company employees in the sales department. The risk analysis allows the company to understand the system and its resources as well as the various users of the system. This allows the system to be configured in a manner that promotes security (Kizza, 2015).
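The access rules in the paragraph above can be written as a default-deny authorization check. This is an added example, not part of the original essay; the role labels, action names and sample users are hypothetical, and anything the text does not explicitly grant is denied.

```python
from dataclasses import dataclass
from typing import Optional

# Role labels (assumed names for the users the text describes).
ADMIN, SALES, DESIGNER = "administrator", "sales", "designer"

# Action names are hypothetical, chosen for this example.
POST_ITEM = "post_item"                        # post a design and its price
VIEW_SALES = "view_sales"                      # read sales figures for a designer
CHANGE_SYSTEM_CONFIG = "change_system_config"  # system wide configuration


@dataclass(frozen=True)
class User:
    name: str
    role: str


def is_allowed(user: User, action: str, owner: Optional[str] = None) -> bool:
    """Default-deny check. `owner` is the designer whose items or
    sales figures the request targets."""
    if action == CHANGE_SYSTEM_CONFIG:
        # System wide changes are limited to administrators.
        return user.role == ADMIN
    if action == POST_ITEM:
        # Designers post items and prices only under their own name.
        return user.role == DESIGNER and owner == user.name
    if action == VIEW_SALES:
        if user.role == SALES:
            return True  # the sales department sees all designers' figures
        # A designer sees only their own figures.
        return user.role == DESIGNER and owner == user.name
    return False  # unknown action or role: deny


def denied(requests):
    """Return the (user name, action, owner) triples the policy rejects."""
    return [(u.name, a, o) for u, a, o in requests if not is_allowed(u, a, o)]


# Constructed sample requests, for illustration only.
SAMPLE_REQUESTS = [
    (User("ana", DESIGNER), VIEW_SALES, "ana"),
    (User("ana", DESIGNER), VIEW_SALES, "ben"),
    (User("sam", SALES), VIEW_SALES, "ben"),
    (User("sam", SALES), CHANGE_SYSTEM_CONFIG, None),
]
```

Calling denied(SAMPLE_REQUESTS) lists the two requests the policy rejects: a designer reading another designer's figures and a sales employee attempting a system wide change.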
The security policy will also ensure that a security team is set up in the organization. The security team will comprise various employees with different roles. The roles for each member of the security team will be described in detail as well as the person they are supposed to report to. Finally, the security policy will address measures to take to detect and prevent attacks on the network. The security policy will address the steps to take when an intrusion is detected. Once an intrusion is detected, the security team comes into force. Depending on the nature and extent of the attack, various measures such as restoring the system or even total shutdown of the system can be taken. It is very important for people to know what to do in case of an attack. This ensures that it is possible to return the system to normal functioning as soon as possible.
References
EC-Council Press. (2011). Security and vulnerability assessment. Clifton Park, NY: Course Technology Cengage Learning.
Kizza, J. M. (2015). Guide to computer network security. London: Springer.